Information drives business. For businesses that increasingly depend on data and information for their day-to-day operations, unplanned downtime due to data loss or data corruption can hurt their reputations and bottom lines. Data corruption and loss can occur when software or equipment malfunctions, when administrators make mistakes, and when systems and data are deliberately attacked.
Businesses are becoming increasingly aware of the costs imposed by data corruption and loss and are taking measures to plan for and recover from such events. Often these measures include making backup copies of primary, or production, data, which is ‘live’ data used for operation of the business. Backup copies of primary data are made on different physical storage devices, and often at remote locations, to ensure that a version of the primary data is consistently and continuously available.
Backup copies of data are preferably updated as often as possible so that the copies can be used in the event that primary data are corrupted, lost, or otherwise need to be restored. One way to achieve consistency and avoid data loss is to ensure that every update made to the primary data is also made to the backup copy, preferably in real time. Often such “duplicate” updates are made on one or more “mirror” copies of the primary data by the same application program that manages the primary data. Mirrored copies of the data are typically maintained on devices attached to or immediately accessible by the primary node to avoid delays inherent in transferring data across a network or other communication link to a secondary node and processing the data at the secondary node.
In addition to maintaining mirrored copies of primary data locally, primary data are often replicated to remote sites across a network. A copy of the primary data is made and stored at a remote location, and the replica is updated by propagating any changes to the primary data to the replica copy. If the primary data are replicated at different sites, and if the failure of the systems storing the data at one site is unlikely to cause the failure of the corresponding systems at another site, replication can provide increased data reliability. Thus, if a disaster occurs at one site, an application that uses that data can be restarted using a replicated copy of the data at another site.
Even in a protection scheme including both mirroring and replication of primary data, primary data are not completely safe from corruption. For example, a breach of security of the primary node typically will enable an attacker to access and corrupt all resources accessible from the primary node, including the mirrored copies of data. Such corruption may include infecting primary data with a virus. This problem is exacerbated when primary data are corrupted and the result of the update corrupting the primary data is replicated to secondary nodes hosting backup copies of the data. When replication of corrupted primary data occurs, all copies of the data are corrupted. “Backing out” the corrupted data and restoring the primary data to a previous state is required on every copy of the data that has been made. Therefore, frequent scanning for infected sets of data is important.
Most data protection schemes, such as backup, replication, and virus protection, are scheduled to occur at particular points in time. However, even when protection operations are performed very frequently, a large amount of unprotected data may exist at any point in time waiting to be replicated or copied to a backup storage device. Such unprotected data are especially significant in environments with large amounts of rapidly changing data. Time-based data protection may be inadequate for such environments.
Furthermore, data that are highly critical are often protected according to the same schedule as data that are of little operational importance to the organization or that can be easily reproduced. A scheme that takes into account the operational significance of the data could consider the effort involved in reconstructing the data if lost and use protection resources more efficiently. In addition, if only a small portion of a set of data has changed since the last backup operation, protecting the entire set of data with each backup operation can waste significant resources.
A solution is needed that enables data protection to be tailored in accordance with the type of data to be protected and the amount of data that has changed. Preferably, the solution should enable different types of protection to be triggered dynamically depending upon the nature of the data as the data change. The solution should enable the operational significance of a set of data to be taken into account when allocating protection resources.